CL110 - ch07s08

Bookmark this page

Guided Exercise: Launching and Verifying an Instance with Public Access

In this exercise, you will select and manage relevant parameters to launch an instance with public access, for selected use cases.

Outcomes

You should be able to launch an instance with public access.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command ensures that all resources required for the exercise are present.

[student@workstation ~]$ lab public-launch start

Procedure 7.4. Instructions

This guided exercise is in two parts. In part 1 you use the CLI, and in part 2 you use the Dashboard and workstation.

As the domain operator, developer1, in the finance project, launch an instance called finance-server7 using the following attributes:

Option	Value
image	`rhel8-web`
flavor	`m1.web`
network	`finance-network1`
security group	`finance-secgroup2`
key pair	`example-keypair`

On workstation, source the identity environment file for the developer1 user in the finance project.

[student@workstation ~]$ source ~/developer1-finance-rc
[student@workstation ~(developer1-finance)]$

Use the openstack server create command to create the finance-server7 server.

[student@workstation ~(developer1-finance)]$ openstack server create \
> --image rhel8-web \
> --flavor m1.web \
> --nic net-id=finance-network1 \
> --security-group finance-secgroup2 \
> --key-name example-keypair \
> --wait finance-server7
+-----------------------------+-----------------------------------------+
| Field                       | Value                                   |
+-----------------------------+-----------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                  |
| OS-EXT-AZ:availability_zone | nova                                    |
| OS-EXT-STS:power_state      | Running                                 |
| OS-EXT-STS:task_state       | None                                    |
| OS-EXT-STS:vm_state         | active                                  |
| OS-SRV-USG:launched_at      | 2020-07-10T09:54:03.000000              |
| OS-SRV-USG:terminated_at    | None                                    |
| accessIPv4                  |                                         |
| accessIPv6                  |                                         |
| addresses                   | finance-network1=192.168.1.110          |
| adminPass                   | V6PGwQbpget7                            |
| config_drive                |                                         |
| created                     | 2020-07-10T09:53:38Z                    |
| flavor                      | m1.web (9961e900-...-8aed94928f11)      |
| hostId                      | 7c7ec5d0a3e1f33b7...0d2de031988         |
| id                          | 039b9f65-18a1-4580-b058-0b5ef7451ead    |
| image                       | rhel8-web (642e5661-...-7d34eda53050)   |
| key_name                    | example-keypair                         |
| name                        | finance-server7                         |
| progress                    | 0                                       |
| project_id                  | c6e722576916465fb2212cec85091a19        |
| properties                  |                                         |
| security_groups             | name='finance-secgroup2'                |
| status                      | ACTIVE                                  |
| updated                     | 2020-07-10T09:54:03Z                    |
| user_id                     | b3bf77638121e0abd2a...bce0adcce1a5c3570 |
| volumes_attached            |                                         |
+-----------------------------+-----------------------------------------+

Find an available floating IP address and attach it to finance-server7.

Use the openstack floating ip list command to locate an available floating IP address. Ensure that the floating IP address is not attached to a port. Your address may differ from the output shown in this example.

[student@workstation ~(developer1-finance)]$ openstack floating ip list \
> -c "Floating IP Address" -c Port
+---------------------+------+
| Floating IP Address | Port |
+---------------------+------+
| 172.25.250.176      | None |
+---------------------+------+

Use the openstack server add command to attach the available floating IP address to finance-server7.

[student@workstation ~(developer1-finance)]$ openstack server add \
> floating ip finance-server7 172.25.250.176

Confirm that the floating IP address is attached to finance-server7.

[student@workstation ~(developer1-finance)]$ openstack server show finance-server7
...output omitted...
| addresses  | finance-network1=192.168.1.110, 172.25.250.176 |
...output omitted...

Confirm that the instance was successfully created and configured as a web server.

Use the curl command and the floating IP address to access the HTTP server.

[student@workstation ~(developer1-finance)]$ curl http://172.25.250.176
...output omitted...

Use the ssh command, the example-keypair key pair, the cloud-user account, and the floating IP address to access the instance. After logging in to the instance, run the ps -ef command to confirm that the HTTP processes are running.

[student@workstation ~(developer1-finance)]$ ssh cloud-user@172.25.250.176
[cloud-user@finance-server7 ~]$ ps -ef | grep httpd
root       795     1  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     801   795  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     802   795  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     803   795  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     804   795  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
...output omitted...

Note

Use the Dashboard to perform the following steps.

Log in to the Dashboard as developer1 user, in the Example domain, using redhat as the password. Ensure that the finance project is selected. Navigate to Project → Network → Network Topology. Locate finance-router1, hover over it using the mouse, and then click View Router Details. Review the overview page, and then click Interfaces.
Note the fixed IP address. It corresponds to the gateway for finance-network1. Click the interface name, and note the network name in the overview page.
Return to the Network Topology page. Note that finance-router1 is attached to two networks, however it only has one interface connecting it to finance-network1. The second attachment is the gateway to provider-datacentre. It is this network that allows public access. If finance-router1 did not have this gateway set then the floating IP address could not be attached to finance-server7 and public access would not be possible.
Hover the mouse over finance-server7 and click View Instance Details. On the overview page, note the security group rules. Navigate to Project → Network → Security Groups. In the action menu for finance-secgroup2, click Manage Rules. Click Delete Rule for the HTTP rule.

Confirm that the HTTP server is still running on finance-server7, but that HTTP access is no longer permitted.

Return to the workstation terminal where cloud-user is still logged in to finance-server7. Run the ps -ef command again, verifying the HTTP processes are still running. Log out from finance-server7.

[cloud-user@finance-server7 ~]$ ps -ef | grep httpd
root       795     1  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     801   795  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     802   795  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     803   795  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     804   795  0 06:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
[cloud-user@finance-server7 ~]$ logout
[student@workstation ~(developer1-finance)]$

Use the curl command with the floating IP address to access the HTTP server. After a while, the connection will time out.

[student@workstation ~(developer1-finance)]$ curl http://172.25.250.176
rl: (7) Failed to connect to 172.25.250.176 port 80: Connection timed out

Finish

On the workstation machine, use the lab command to complete this exercise. This is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab public-launch finish

This concludes the guided exercise.

Discuss Red Hat OpenStack Administration I: Core Operations for Domain Operators

Go to community

Red Hat OpenStack Administration I: Core Operations for Domain Operators (CL110)

Haley_Ruccio

1 sie 2023

Learn to operate a Red Hat® OpenStack Platform private cloud and manage domain resources to secure and deploy modern, scalable cloud applications, networks and storageRed Hat OpenStack Administration I: Core Operations for Domain Operators (CL110) teaches you how to operate and manage a production Red Hat OpenStack Platform (RHOSP) single-site overcloud. You will learn how to create secure project environments in which to provision resources and manage security privileges that cloud users need to deploy scalable cloud applications. You will learn about OpenShift integration with load balancers, identity management, monitoring, proxies, and storage. You will also develop more troubleshooting and Day 2 operations skills in this course.This course is based on Red Hat OpenStack Platform 16.1.Course content summaryStudents in the Red Hat OpenStack Administration I: Core Operations for Domain Operators (CL110) course will focus on performing both routine and specialized tasks that are necessary to manage a production OpenStack overcloud domain. Students will manage OpenStack using both web-based and command-line interfaces. Essential skills covered in the course include the following:Launch instances to satisfy various use case examples.Manage domains, projects, users, roles, and quota in a multitenant environment.Manage networks, subnets, routers, and floating IP addresses.Manage instance security with group rules and access keys.Create and manage block, object and shared storage within OpenStack.Perform instance launch customization with cloud-init.Deploy scalable applications using stack templates.Audience for this courseThis course is designed for cloud users who deploy application instances and stacks, domain operators who manage resources and security for cloud users, and any other cloud personnel interested in, or responsible for, maintaining applications on private or hybrid OpenStack clouds. Any cloud persona, or personnel with roles that include performing technology evaluation, should attend this course to learn RHOSP operation and application deployment methods.Prerequisites for this courseBecome a Red Hat Certified System Administrator (RHCSA) or demonstrate equivalent experienceIf you are not a RHCSA, you can take a skill assessment to gauge your level of knowledge.

Welcome to the Red Hat OpenStack Administration I (CL110) group in the Red Hat Learning Community!

Syed

31 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course CL110! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to CL110.Read more about Red Hat OpenStack Administration I: Core Operations for Domain Operators here.

Revision: cl110-16.1-4c76154